GCP Terraform update v3.10.0 (#68)

* Adding gke subnet module Signed-off-by: gar <[email protected]> * Updating GCP deployment Signed-off-by: gar <[email protected]> * Parameterizing the private subnet name Signed-off-by: gar <[email protected]> * Cleaning up the terraform files Signed-off-by: gar <[email protected]> * Updating EIP and the nat usage of it Signed-off-by: gar <[email protected]> * Updating to v3.10.0 and adding cluster autoscaler Signed-off-by: gar <[email protected]> * Updating to v3.10.0 and adding cluster autoscaler Signed-off-by: gar <[email protected]> * Adding node provisioning and gke shield options Signed-off-by: gar <[email protected]>
ManagedKube · Mar 4, 2020 · 553e24d · 553e24d
1 parent d58aca6
commit 553e24d
Show file tree

Hide file tree

Showing 20 changed files with 394 additions and 329 deletions.
diff --git a/docs/cidr-ranges.md b/docs/cidr-ranges.md
@@ -4,7 +4,8 @@ CIDR Ranges
 # IP Calculator
 Here is a very good online IP CIDR calculator
 
-http://www.subnet-calculator.com/cidr.php
+* http://www.subnet-calculator.com/cidr.php
+* http://jodies.de/ipcalc
 
 
 # Global
@@ -17,10 +18,10 @@ http://www.subnet-calculator.com/cidr.php
 | Kubernetes aws - staging          | 10.12.0.0/16  |
 | Kubernetes aws - prod             | 10.13.0.0/16  |
 | Kubernetes aws - ....             | 10.13.0.0/16  |
-| Kubernetes gcp - dev              | 10.20.0.0/16  |
-| Kubernetes gcp - qa               | 10.21.0.0/16  |
-| Kubernetes gcp - staging          | 10.22.0.0/16  |
-| Kubernetes gcp - prod             | 10.23.0.0/16  |
+| Kubernetes gcp - dev              | 10.32.0.0/12 - 10.47.0.0/12  |
+| Kubernetes gcp - qa               | 10.48.0.0/12 - 10.63.255.255  |
+| Kubernetes gcp - staging          | 10.64.0.0/12 - 10.79.255.255  |
+| Kubernetes gcp - prod             | 10.80.0.0/12 - 10.95.255.255  |
 
 ## Reserved ranged for each environment
 Each environment has a bunch of initial reserved ranges to bring up the entire
@@ -43,17 +44,19 @@ be applied to any of the above CIDRs.
 | app one - subnet 2                    | 10.xx.100.64/28  | 10.xx.100.64 - 10.xx.100.79 |
 | app two - subnet 1                    | 10.xx.100.64/28  | 10.xx.100.64 - 10.xx.100.79 |
 | app two - subnet 2                    | 10.xx.100.64/28  | 10.xx.100.64 - 10.xx.100.79 |
+| Transit Gateway - subnet1             | 10.xx.104.16/28  | 10.xx.104.16 - 10.xx.104.31 |
+| Transit Gateway - subnet2             | 10.xx.104.32/28  | 10.xx.104.32 - 10.xx.104.47 |
+| Transit Gateway - subnet3             | 10.xx.104.48/28  | 10.xx.104.48 - 10.xx.104.63 |
 
 ## GCP Subnets
+
+### Dev
 | Name                                  | CIDR             | Address Range               |
 |---------------------------------------|------------------|-----------------------------|
-| VPC - default public subnet           | 10.xx.10.0/24    | 10.xx.10.0  - 10.xx.10.255  |
-| VPC - default private subnet          | 10.xx.20.0/24    | 10.xx.20.0 - 10.xx.20.255   |
-| GKE cluster public subnet             | 10.xx.11.0/24    | 10.xx.11.0 - 10.xx.11.255   |
-| GKE cluster private subnet            | 10.xx.21.0/24    | 10.xx.21.0 - 10.xx.21.255   |
-| GKE master CIDR block                 | 10.xx.22.0/28    | 10.xx.22.0 - 10.xx.22.15    |
-| GKE pod CIDR range                    | 10.xx.64.0/19    | 10.xx.64.0 - 10.xx.95.255   |
-| GKE service CIDR range                | 10.xx.96.0/19    | 10.xx.96.0 - 10.xx.127.255  |
-| Transit Gateway - subnet1             | 10.xx.104.16/28  | 10.xx.104.16 - 10.xx.104.31 |
-| Transit Gateway - subnet2             | 10.xx.104.32/28  | 10.xx.104.32 - 10.xx.104.47 |
-| Transit Gateway - subnet3             | 10.xx.104.48/28  | 10.xx.104.48 - 10.xx.104.63 |
+| VPC - default public subnet           | 10.32.1.0/24     | 10.32.1.0 - 10.32.1.255     |
+| VPC - default private subnet          | 10.32.5.0/24     | 10.32.5.0 - 10.32.5.255     |
+| GKE master CIDR block                 | 10.32.11.0/28    | 10.32.11.0 - 10.32.11.15    |
+| GKE cluster public subnet             | 10.32.16.0/20    | 10.32.16.0 - 10.32.31.255   |
+| GKE cluster private subnet            | 10.32.32.0/20    | 10.32.32.0 - 10.32.47.255   |
+| GKE service CIDR range                | 10.32.64.0/19    | 10.32.64.0 - 10.32.95.255   |
+| GKE pod CIDR range                    | 10.36.0.0/14     | 10.36.0.0 - 10.39.255.255   |
diff --git a/tf-environments/gcp/dev/cluster/terragrunt.hcl b/tf-environments/gcp/dev/cluster/terragrunt.hcl
diff --git a/tf-environments/gcp/dev/gke-cluster/terragrunt.hcl b/tf-environments/gcp/dev/gke-cluster/terragrunt.hcl
@@ -0,0 +1,62 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../tf-modules/gcp/private-gke-cluster/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+     arguments = [
+      "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+     ]
+  }
+}
+
+inputs = {
+  vpc_name = trimspace(run_cmd("terragrunt", "output", "network_name", "--terragrunt-working-dir", "../vpc"))
+  network_name = trimspace(run_cmd("terragrunt", "output", "network_name", "--terragrunt-working-dir", "../vpc"))
+  cluster_name = "dev"
+  private_subnet_name = trimspace(run_cmd("terragrunt", "output", "private_subnet_name", "--terragrunt-working-dir", "../gke-subnets"))
+
+  enable_private_kube_master_endpoint = false
+
+  gke_version = "1.16.5-gke.2"
+  initial_node_count = "1"
+
+  master_ipv4_cidr_block="10.32.11.0/28"
+
+  master_authorized_networks_cidr = [
+    { cidr_block = "10.0.0.0/8", display_name = "10x" },
+    { cidr_block = "172.16.0.0/12", display_name = "172x" },
+    { cidr_block = "192.168.0.0/16", display_name = "192x" },
+    { cidr_block = "38.30.8.138/32", display_name = "home" },
+    { cidr_block = "35.222.67.76/32", display_name = "gar-vpn" },
+    { cidr_block = "12.190.239.210/32", display_name = "gar-vpn-2" },
+  ]
+
+  outbound_through_nat_tags=["private-subnet", "gke-private-nodes"]
+
+  cluster_autoscaling_enabled = true
+
+  resource_limits_enable = [
+    {
+      type = "cpu",
+      max = 10,
+      min = 0,
+    }, {
+      type = "memory",
+      max = 16,
+      min = 0,
+    }
+  ]
+
+  release_channel_channel = "RAPID"
+
+  enable_intranode_visibility = true
+}
+
+dependencies {
+  paths = ["../vpc"]
+}
diff --git a/tf-environments/gcp/dev/gke-subnets/terragrunt.hcl b/tf-environments/gcp/dev/gke-subnets/terragrunt.hcl
@@ -0,0 +1,35 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../tf-modules/gcp/gke-subnets/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+     arguments = [
+      "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+     ]
+  }
+}
+
+inputs = {
+  vpc_name = trimspace(run_cmd("terragrunt", "output", "network_name", "--terragrunt-working-dir", "../vpc"))
+  region = trimspace(run_cmd("terragrunt", "output", "region", "--terragrunt-working-dir", "../vpc"))
+  network_name = trimspace(run_cmd("terragrunt", "output", "network_name", "--terragrunt-working-dir", "../vpc"))
+
+  services_ip_cidr_range="10.32.64.0/19"
+  pods_ip_cidr_range="10.36.0.0/14"    # 1024 max nodes
+
+  #####################
+  # networking
+  #####################
+  public_subnet_cidr_range = "10.32.16.0/20"
+  private_subnet_cidr_range = "10.32.32.0/20"
+
+}
+
+dependencies {
+  paths = ["../vpc"]
+}
diff --git a/tf-environments/gcp/dev/networking/terragrunt.hcl b/tf-environments/gcp/dev/networking/terragrunt.hcl
diff --git a/tf-environments/gcp/dev/nodepools/pool-1/terragrunt.hcl b/tf-environments/gcp/dev/nodepools/pool-1/terragrunt.hcl
@@ -3,19 +3,29 @@ include {
 }
 
 terraform {
-  source = "../../../../../../tf-modules/gcp/nodepool/"
+  source = "../../../../../tf-modules/gcp/nodepool/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+     arguments = [
+      "-var-file=${get_terragrunt_dir()}/../../_env_defaults/gcp.tfvars",
+     ]
+  }
 }
 
 inputs = {
 
-  cluster_name = "dev"
+  cluster_name = trimspace(run_cmd("terragrunt", "output", "cluster_name", "--terragrunt-working-dir", "../../gke-cluster"))
   node_pool_name = "pool-1"
 
-  initial_node_count = "3"
+  initial_node_count = "1"
   min_node_count = "0"
-  max_node_count = "50"
+  max_node_count = "2"
+  is_preemtible = true
   machine_type = "n1-standard-2"
   disk_size_gb = "100"
+  auto_upgrade = true
 
   image_type = "COS"
 
@@ -56,3 +66,7 @@ inputs = {
   // ]
 
 }
+
+dependencies {
+  paths = ["../gke-cluster"]
+}
diff --git a/tf-environments/gcp/dev/vpc/terragrunt.hcl b/tf-environments/gcp/dev/vpc/terragrunt.hcl
@@ -0,0 +1,26 @@
+include {
+  path = find_in_parent_folders()
+}
+
+terraform {
+  source = "../../../../tf-modules/gcp/vpc/"
+
+  extra_arguments "common_vars" {
+    commands = get_terraform_commands_that_need_vars()
+
+     arguments = [
+      "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+     ]
+  }
+}
+
+inputs = {
+  vpc_name = "dev"
+
+  public_subnet_cidr_range = "10.32.1.0/24"
+  private_subnet_cidr_range = "10.32.5.0/24"
+
+  number_of_nat_ip_address_to_use = 1
+
+  outbound_through_nat_tags=["private-subnet", "gke-private-nodes"]
+}
diff --git a/tf-environments/gcp/terragrunt.hcl b/tf-environments/gcp/terragrunt.hcl
@@ -8,14 +8,14 @@ remote_state {
   }
 }
 
-terraform {
-  extra_arguments "common_vars" {
-    commands = get_terraform_commands_that_need_vars()
+# terraform {
+#   extra_arguments "common_vars" {
+#     commands = get_terraform_commands_that_need_vars()
 
-     arguments = [
-      #  "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
-      # "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
-      "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
-     ]
-  }
-}
+#      arguments = [
+#       #  "-var-file=${get_parent_terragrunt_dir()}/_env_defaults/gcp.tfvars",
+#       # "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+#       "-var-file=${get_terragrunt_dir()}/../_env_defaults/gcp.tfvars",
+#      ]
+#   }
+# }
diff --git a/tf-modules/gcp/gke-subnets/main.tf b/tf-modules/gcp/gke-subnets/main.tf
@@ -0,0 +1,41 @@
+terraform {
+  backend "gcs" {
+  }
+}
+
+provider "google" {
+  region      = var.region
+  project     = var.project_name
+  credentials = file(var.credentials_file_path)
+  version     = "~> v3.10.0"
+}
+
+data "google_compute_network" "main-network" {
+  name = var.vpc_name
+}
+
+resource "google_compute_subnetwork" "private_subnet" {
+  name                     = "${var.network_name}-gke-private-subnet"
+  ip_cidr_range            = var.private_subnet_cidr_range
+  network                  = data.google_compute_network.main-network.self_link
+  region                   = var.region
+  private_ip_google_access = "true"
+
+  # enable secondary IP range for pods and services:
+  secondary_ip_range {
+    range_name    = "${var.network_name}-gke-pods"
+    ip_cidr_range = var.pods_ip_cidr_range
+  }
+  secondary_ip_range {
+    range_name    = "${var.network_name}-gke-services"
+    ip_cidr_range = var.services_ip_cidr_range
+  }
+}
+
+resource "google_compute_subnetwork" "public_subnet" {
+  name                     = "${var.network_name}-gke-public-subnet"
+  ip_cidr_range            = var.public_subnet_cidr_range
+  network                  = data.google_compute_network.main-network.self_link
+  region                   = var.region
+  private_ip_google_access = "true"
+}
diff --git a/tf-modules/gcp/gke-subnets/outputs.tf b/tf-modules/gcp/gke-subnets/outputs.tf
@@ -0,0 +1,15 @@
+output "private_subnet_name" {
+  value = google_compute_subnetwork.private_subnet.name
+}
+
+output "public_subnet_name" {
+  value = google_compute_subnetwork.public_subnet.name
+}
+
+output "private_subnet_cidr" {
+  value = google_compute_subnetwork.private_subnet.ip_cidr_range
+}
+
+output "public_subnet_cidr" {
+  value = google_compute_subnetwork.public_subnet.ip_cidr_range
+}